- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reading downloaded log files locally
I simply want to analyse a single log file I've downloaded from our server, and produce some charts, but am running out of time and patience trying to find out how to do this simple task. Any help appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use this tutorial Add data to Splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Go into your local instance of Splunk.
- Go to "Manager"
- Click "Data Inputs"
- Click "Files & Directories"
- Click "New"
- Select "Upload and Index a file"
- Select browse and upload the file.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm... it was the latest version actually recommended for OS X 10.4.11 - perhaps more recent versions might work on 10.4?
I've added the log file as a 'New Input', and am looking for the language ref... access.log" | fields referer_domain
is the default, but I'm after things like 'page visits' etc.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ooof, that's a couple of revisions behind - Splunk 4.2.1 is the latest and greatest..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay - figured out that it starts up as a server process and not an app. I'm running Splunk 3.4.13 on OS X 10.4.11. I went to "Data Inputs:Files & Directories:New Input" and am awaiting result for a 390MB Apache log file from one of our servers...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nope, it's a stand alone app. You can hit it directly via localhost:8000 and log in that way.
Brian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Since this is the first time I've used it, perhaps I should have added 'does my local instance of Splunk run as an (OS X in my case) app or does it need a locally-running version of Apache?' BTW I'm currently awaiting (30 minutes and counting) an attempt to read said log file locally with Analog...
